Editing a OIDC Provider

Editing an OIDC Dynamic Auth Provider with AdminUI

Once loaded you will be directed to the details tab by default. The OIDC tabs to view and edit are:

• Details Tab page for managing general information about the OIDC provider
• Scopes Tab page for managing the scopes assigned to the OIDC provider
• Advanced Tab page for managing advance configuration of the OIDC provider

Details Tab

The Details tab is where you will be able to view the "Scheme" of the dynamic provider along with modify the following elements:

• Enabled a switch to enable and disable the provider
• Display Name a name used to identify the provider in the login screen
• Authority URL the URL of the provider (must begin with https://)
• Client ID internal identifier to the external provider
• Callback Path (Only in RSK mode) path of the ACS endpoint
• OAuth Flow the flow used by provider
• Sign In Scheme (Only in RSK mode) the sign in Scheme representing an authentication handler on your IDS code
• Different Sign Out Scheme (Only in RSK mode) enable entering Sign out Scheme different to the Sign in Scheme
• Sign Out Scheme (Only in RSK mode) the sign out Scheme representing an authentication handler on your IDS code
• Client Secret an optional secret used to access external provider

Scopes Tab

The Scopes tab is where you can view, add, and remove scopes for a provider.

Advanced Tab

In Duende mode the only option available is Get Claims From User Info Endpoint.

In Rsk mode there are available several inner tabs as follows.

Advanced tab: Request

• Resource ...
• Response Mode the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. The options are:
  • Query (query) parameters are encoded in the query string at the end of the redirect URI
  • FormPost (form_post) parameters are are encoded as HTML form parameters transmitted in a HTML Post
  • Fragment (fragment) parameters are encoded in the fragment at the end of the redirect URI
• Prompt specifies whether the Authorization Server prompts the End-User for reauthentication and consent

Advanced tab: Claims

• Get Claims From User Info Endpoint retrieves additional claims from the user info endpoint after creating an identity from id_token
• Map Inbound Claims maps claim types that are extracted when validating a JwtSecurityToken.

Advanced tab: Sign Out

• Remote Sign Out Path requests received on this path will cause the middleware to invoke SignOut using the SignInScheme
• Signed Out Redirect Uri where the user agent will be redirected to after application is signed out from the identity provider
• Signed Out Callback Path the request path within the application's base path where the user agent will be returned after sign out from the identity provider

Advanced tab: Metadata

• Refresh Metadata On Issuer Key Not Found this allows for automatic recovery in the event of a signature key rollover
• Metadata Refresh Interval represents how often an automatic metadata refresh should occur

Advanced tab: Tokens

• Save Tokens defines whether access and refresh tokens should be stored in the AuthenticationProperties after a successful authorization
• Use Token Lifetime indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token

Advanced tab: Other

• Retrieval Refresh Interval represents the minimum time between retrievals, in the event that a retrieval failed, or that a refresh was explicitly requested
• Skip Unrecognized Requests if enabled the handler will pass requests through that do not contain OpenIdConnect authentication responses
• Disable Telemetry

Actions Available

In the edit screen there are two options available, these are described below:

• Save All Once valid changes have been made this button should be clickable and it will save the changes made in all 3 of the tabs.
• Delete Will completely remove the provider from IdentityServer